User Mode and system Mode

HelloI have some difficulty in understanding the following

a) Normally apex code & trigger run in system.context But How to make the apex code execute in USER Mode? if the apex code executing in USER Mode is called by a trigger, will the trigger also execute in USER Mode?

b) Can a visual force page run in USER Mode instead of system.context , again what changes need to be done and why?

c) By default webservice classes written in apex , rest api execute in what Mode?

System mode is nothing but running apex code by ignoring user's permissions. For example, logged in user does not have create permission but he/she is able to create a record.

In system mode, Apex code has access to all objects and fields— object permissions, field-level security, sharing rules aren't applied for the current user. This is to ensure that code won’t fail to run because of hidden fields or objects for a user.

In Salesforce, all apex code run in system mode. It ignores user's permissions. Only exception is anonymous blocks like developer console and standard controllers. Even runAs() method doesn't enforce user permissions or field-level permissions, it only enforces record sharing.

User mode -

User mode is nothing but running apex code by respecting user's permissions and sharing of records. For example, logged in user does not have create permission and so he/she is not able to create a record.

In Salesforce, only standard controllers and anonymous blocks like developer console run in user mode.

All Answers

a) : Apex generally runs in system context; that is, the current user's permissions, field-level security, and sharing rules aren’t taken into account during code execution.​ The only exceptions to this rule are Apex code that is executed with the executeAnonymous call and Chatter in Apex. executeAnonymous always executes using the full permissions of the current user.

To run the trigger in user mode , Create Apex class with 'WithSharing' enforced and invoke the class from trigger. This will enforce Shariing settings based on user.

b) Because standard controllers execute in user mode, in which the permissions, field-level security, and sharing rules of thecurrent user are enforced, extending a standard controller allows you to build a Visualforce page that respects user permissions.

c) run in user mode.

d)system.run.As enables you to write test methods that change the user context to an existing user or a new user so that the user’s record sharing is enforced.( only record sharing ) ( only for test class)

Hi learn_cloudsfI have a doubt regarding point a.User_A has CRUD permission on Case & Read only permission on a Custom Object say employee.When Case record is created ,in Apex class invoked through trigger user_A is able to create record for custom object on which user does not have create permission. The Apex class is written using Sharing keyword.

The code in Apex class seems to run in system mode even using after sharing keyword.Can u pls explain why is this happening?

System mode is nothing but running apex code by ignoring user's permissions. For example, logged in user does not have create permission but he/she is able to create a record.

In system mode, Apex code has access to all objects and fields— object permissions, field-level security, sharing rules aren't applied for the current user. This is to ensure that code won’t fail to run because of hidden fields or objects for a user.

In Salesforce, all apex code run in system mode. It ignores user's permissions. Only exception is anonymous blocks like developer console and standard controllers. Even runAs() method doesn't enforce user permissions or field-level permissions, it only enforces record sharing.

User mode -

User mode is nothing but running apex code by respecting user's permissions and sharing of records. For example, logged in user does not have create permission and so he/she is not able to create a record.

In Salesforce, only standard controllers and anonymous blocks like developer console run in user mode.

User Mode : As per this Salesforce post, all Profile level permissions, sharing rules and Field level security are enforced in Apex if it runs in User mode. Standard Controller and Anonymous Apex runs in User mode.

System Mode : Same post conforms that custom controller, trigger, Apex class, controller extension works in System mode. Means eventhough user does not have necessary profile level permission, record level permission or field level permission, but still they can perform any operation on it.